K8s middleware deployment
npc deployment
https://github.com/ehang-io/nps/releases
wget https://github.com/ehang-io/nps/releases/download/v0.26.10/linux_amd64_client.tar.gz
https://ehang-io.github.io/nps/#/use?id=%e6%b3%a8%e5%86%8c%e5%88%b0%e7%b3%bb%e7%bb%9f%e6%9c%8d%e5%8a%a1%e5%bc%80%e6%9c%ba%e5%90%af%e5%8a%a8%e3%80%81%e5%ae%88%e6%8a%a4%e8%bf%9b%e7%a8%8b
mysql
[root@iluvatar-node-1 zzy]# helm install my-mysql-operator mysql-operator/mysql-operator -n wwmonitor
NAME: my-mysql-operator
LAST DEPLOYED: Thu May 23 18:29:55 2024
NAMESPACE: wwmonitor
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
Create an MySQL InnoDB Cluster by executing:
1. When using a source distribution / git clone: `helm install [cluster-name] -n [ns-name] ~/helm/mysql-innodbcluster`
2. When using the Helm repo from ArtifactHub
  2.1 With self signed certificates
    export NAMESPACE="your-namespace"
    # in case the namespace doesn't exist, please pass --create-namespace
    helm install my-mysql-innodbcluster mysql-operator/mysql-innodbcluster -n $NAMESPACE \
      --version 2.1.3 \
      --set credentials.root.password=">-0URS4F3P4SS" \
      --set tls.useSelfSigned=true
  2.2 When you have own CA and TLS certificates
    export NAMESPACE="your-namespace"
    export CLUSTER_NAME="my-mysql-innodbcluster"
    export CA_SECRET="$CLUSTER_NAME-ca-secret"
    export TLS_SECRET="$CLUSTER_NAME-tls-secret"
    export ROUTER_TLS_SECRET="$CLUSTER_NAME-router-tls-secret"
    # Path to ca.pem, server-cert.pem, server-key.pem, router-cert.pem and router-key.pem
    export CERT_PATH="/path/to/your/ca_and_tls_certificates"
    kubectl create namespace $NAMESPACE
    kubectl create secret generic $CA_SECRET \
      --namespace=$NAMESPACE --dry-run=client --save-config -o yaml \
      --from-file=ca.pem=$CERT_PATH/ca.pem \
      | kubectl apply -f -
    kubectl create secret tls $TLS_SECRET \
      --namespace=$NAMESPACE --dry-run=client --save-config -o yaml \
      --cert=$CERT_PATH/server-cert.pem --key=$CERT_PATH/server-key.pem \
      | kubectl apply -f -
    kubectl create secret tls $ROUTER_TLS_SECRET \
      --namespace=$NAMESPACE --dry-run=client --save-config -o yaml \
      --cert=$CERT_PATH/router-cert.pem --key=$CERT_PATH/router-key.pem \
      | kubectl apply -f -
    helm install my-mysql-innodbcluster mysql-operator/mysql-innodbcluster -n $NAMESPACE \
      --version 2.1.3 \
      --set credentials.root.password=">-0URS4F3P4SS" \
      --set tls.useSelfSigned=false \
      --set tls.caSecretName=$CA_SECRET \
      --set tls.serverCertAndPKsecretName=$TLS_SECRET \
      --set tls.routerCertAndPKsecretName=$ROUTER_TLS_SECRET

Editor buffer captured while running kubectl edit on the operator Deployment:

# Please edit the object below. Lines beginning with a '#' will be ignored,
# and an empty file will abort the edit. If an error occurs while saving this file will be
# reopened with the relevant failures.
#
apiVersion: apps/v1
kind: Deployment
metadata:
  annotations:
    deployment.kubernetes.io/revision: "1"
    meta.helm.sh/release-name: my-mysql-operator
    meta.helm.sh/release-namespace: wwmonitor
  creationTimestamp: "2024-05-23T10:29:56Z"
  generation: 1
  labels:
    app.kubernetes.io/component: controller
    app.kubernetes.io/created-by: helm
    app.kubernetes.io/instance: my-mysql-operator
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: mysql-operator
    app.kubernetes.io/version: 8.4.0-2.1.3
    version: 8.4.0-2.1.3
  name: mysql-operator
  namespace: wwmonitor
  resourceVersion: "144404"
  uid: 56af4050-7d91-4dd9-9f89-a8f0d83a5268
spec:
  progressDeadlineSeconds: 600
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      name: mysql-operator
  strategy:
    rollingUpdate:
      maxSurge: 25%
      maxUnavailable: 25%
    type: RollingUpdate
  template:
    metadata:
      creationTimestamp: null
      labels:
        name: mysql-operator
    spec:
      containers:
      - args:
        - mysqlsh
        - --log-level=@INFO
        - --pym
        - mysqloperator
        - operator
        env:
        - name: MYSQLSH_USER_CONFIG_HOME
          value: /mysqlsh
        - name: MYSQLSH_CREDENTIAL_STORE_SAVE_PASSWORDS
          value: never
        - name: MYSQL_OPERATOR_IMAGE_PULL_POLICY
          value: IfNotPresent
"/tmp/kubectl-edit-awdcr.yaml" 113L, 3331B
kafka
[root@iluvatar-node-1 ~]# helm install -n wwmonitor my-kafka bitnami/kafka --set auth.clientProtocol=plaintext,auth.interBrokerProtocol=plaintext
NAME: my-kafka
LAST DEPLOYED: Thu May 23 14:49:22 2024
NAMESPACE: wwmonitor
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
CHART NAME: kafka
CHART VERSION: 28.3.0
APP VERSION: 3.7.0
** Please be patient while the chart is being deployed **
Kafka can be accessed by consumers via port 9092 on the following DNS name from within your cluster:
my-kafka.wwmonitor.svc.cluster.local
Each Kafka broker can be accessed by producers via port 9092 on the following DNS name(s) from within your cluster:
my-kafka-controller-0.my-kafka-controller-headless.wwmonitor.svc.cluster.local:9092
my-kafka-controller-1.my-kafka-controller-headless.wwmonitor.svc.cluster.local:9092
my-kafka-controller-2.my-kafka-controller-headless.wwmonitor.svc.cluster.local:9092
The CLIENT listener for Kafka client connections from within your cluster have been configured with the following security settings:
- SASL authentication
To connect a client to your Kafka, you need to create the 'client.properties' configuration files with the content below:
security.protocol=SASL_PLAINTEXT
sasl.mechanism=SCRAM-SHA-256
sasl.jaas.config=org.apache.kafka.common.security.scram.ScramLoginModule required \
username="user1" \
password="$(kubectl get secret my-kafka-user-passwords --namespace wwmonitor -o jsonpath='{.data.client-passwords}' | base64 -d | cut -d , -f 1)";
To create a pod that you can use as a Kafka client run the following commands:
kubectl run my-kafka-client --restart='Never' --image docker.io/bitnami/kafka:3.7.0-debian-12-r6 --namespace wwmonitor --command -- sleep infinity
kubectl cp --namespace wwmonitor /path/to/client.properties my-kafka-client:/tmp/client.properties
kubectl exec --tty -i my-kafka-client --namespace wwmonitor -- bash
PRODUCER:
kafka-console-producer.sh \
--producer.config /tmp/client.properties \
--broker-list my-kafka-controller-0.my-kafka-controller-headless.wwmonitor.svc.cluster.local:9092,my-kafka-controller-1.my-kafka-controller-headless.wwmonitor.svc.cluster.local:9092,my-kafka-controller-2.my-kafka-controller-headless.wwmonitor.svc.cluster.local:9092 \
--topic test
CONSUMER:
kafka-console-consumer.sh \
--consumer.config /tmp/client.properties \
--bootstrap-server my-kafka.wwmonitor.svc.cluster.local:9092 \
--topic test \
--from-beginning
WARNING: There are "resources" sections in the chart not set. Using "resourcesPreset" is not recommended for production. For production installations, please set the following values according to your workload needs:
- controller.resources
+info https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
Disabling authentication for the Helm install
Edit the configuration file
# Listeners configuration
listeners=CLIENT://:9092,INTERNAL://:9094,CONTROLLER://:9093
advertised.listeners=CLIENT://advertised-address-placeholder:9092,INTERNAL://advertised-address-placeholder:9094
listener.security.protocol.map=CLIENT:PLAINTEXT,INTERNAL:PLAINTEXT,CONTROLLER:PLAINTEXT
# KRaft process roles
process.roles=controller,broker
#node.id=
controller.listener.names=CONTROLLER
controller.quorum.voters=0@my-kafka-controller-0.my-kafka-controller-headless.newwwmonitor.svc.cluster.local:9093,1@my-kafka-controller-1.my-kafka-controller-headless.newwwmonitor.svc.cluster.local:9093,2@my-kafka-controller-2.my-kafka-controller-headless.newwwmonitor.svc.cluster.local:9093
log.dir=/bitnami/kafka/data
# Interbroker configuration
inter.broker.listener.name=INTERNAL
# End of configuration
Deploying Kafka
Reference: Kafka deployment modes
3.1 Single-node install in KRaft mode (SASL/SCRAM-SHA-512)
Alternative image download mirror in China (site-wide image index)
version: "3"
services:
  kafka:
    image: 'bitnami/kafka:3.7.0'
    container_name: kafka
    ports:
      - "9092:9092"
      - "9093:9093"
    restart: always
    environment:
      - ALLOW_PLAINTEXT_LISTENER=yes
      - KAFKA_CFG_NODE_ID=0
      - KAFKA_CFG_PROCESS_ROLES=controller,broker
      - KAFKA_CLIENT_LISTENER_NAME=CLIENT
      - KAFKA_CFG_CONTROLLER_LISTENER_NAMES=CONTROLLER
      - KAFKA_CFG_INTER_BROKER_LISTENER_NAME=CLIENT
      - KAFKA_CFG_LISTENERS=CLIENT://:9092,CONTROLLER://:9093
      - KAFKA_CFG_ADVERTISED_LISTENERS=CLIENT://10.130.9.30:9092
      - KAFKA_CFG_LISTENER_SECURITY_PROTOCOL_MAP=CONTROLLER:PLAINTEXT,CLIENT:SASL_PLAINTEXT
      - KAFKA_CFG_CONTROLLER_QUORUM_VOTERS=0@kafka:9093
      - KAFKA_CFG_SASL_MECHANISM_INTER_BROKER_PROTOCOL=SCRAM-SHA-512
      - KAFKA_CFG_SASL_ENABLED_MECHANISMS=SCRAM-SHA-512
      - KAFKA_CFG_MESSAGE_MAX_BYTES=104857600 # maximum message size: 100MB
      - KAFKA_CFG_REPLICA_FETCH_MAX_BYTES=104857600 # maximum replica fetch size: 100MB
      - KAFKA_CFG_SOCKET_REQUEST_MAX_BYTES=104857600 # maximum socket request size: 100MB
      - KAFKA_CLIENT_USERS=test
      - KAFKA_CLIENT_PASSWORDS=123456
    volumes:
      - "/data/docker/kafka/kafka_data:/bitnami"
    networks:
      - kafka_net
  # kafka-ui:
  #   image: provectuslabs/kafka-ui:master
  #   container_name: kafka-ui
  #   ports:
  #     - "8910:8080"
  #   restart: always
  #   environment:
  #     - KAFKA_CLUSTERS_0_NAME=local
  #     - DYNAMIC_CONFIG_ENABLED=true
  #     - AUTH_TYPE=LOGIN_FORM
  #     - SPRING_SECURITY_USER_NAME=admin
  #     - SPRING_SECURITY_USER_PASSWORD=admin
  #   depends_on:
  #     - kafka
  #   networks:
  #     - kafka_net
  #
networks:
  kafka_net:
    driver: bridge
Start
docker-compose -f kafka-KRaft-single-auth2.yml up -d
Depends on Docker
[root@worker11 kafka]# cat /etc/systemd/system/docker.service
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network-online.target firewalld.service
Wants=network-online.target
[Service]
Type=notify
ExecStart=/usr/local/bin/dockerd
ExecReload=/bin/kill -s HUP $MAINPID
LimitNOFILE=infinity
LimitNPROC=infinity
TimeoutStartSec=0
Delegate=yes
KillMode=process
Restart=on-failure
StartLimitBurst=3
StartLimitInterval=60s
[Install]
WantedBy=multi-user.target
Docker deployment
Adapted from: reference link
docker run -d \
  --privileged \
  -p 9092:9092 \
  --name=kafka-node1 \
  --restart=unless-stopped \
  -v /etc/localtime:/etc/localtime:ro \
  -v /tmp/kafka/kraft:/bitnami/kafka:rw \
  -e KAFKA_CFG_NODE_ID=1 \
  -e KAFKA_ENABLE_KRAFT=yes \
  -e ALLOW_PLAINTEXT_LISTENER=yes \
  -e KAFKA_CFG_PROCESS_ROLES=broker,controller \
  -e KAFKA_KRAFT_CLUSTER_ID=manongdashu66666666666 \
  -e KAFKA_CFG_ADVERTISED_LISTENERS=SASL_PLAINTEXT://:9092 \
  -e KAFKA_CFG_LISTENERS=SASL_PLAINTEXT://:9092,CONTROLLER://:9093 \
  -e KAFKA_CFG_SASL_MECHANISM_INTER_BROKER_PROTOCOL=PLAIN \
  -e KAFKA_CFG_SASL_ENABLED_MECHANISMS=PLAIN \
  -e KAFKA_CFG_LISTENER_SECURITY_PROTOCOL_MAP=SASL_PLAINTEXT:SASL_PLAINTEXT,CONTROLLER:PLAINTEXT \
  -e KAFKA_CFG_INTER_BROKER_LISTENER_NAME=SASL_PLAINTEXT \
  -e KAFKA_CFG_SASL_PLAIN_USERNAME=kafka \
  -e KAFKA_CFG_SASL_PLAIN_PASSWORD=kafka-secret \
  -e KAFKA_CFG_SASL_JAAS_CONFIG="org.apache.kafka.common.security.plain.PlainLoginModule required username=\"kafka\" password=\"kafka-secret\";" \
  -e KAFKA_CFG_CONTROLLER_QUORUM_VOTERS=1@localhost:9093 \
  -e KAFKA_CFG_CONTROLLER_LISTENER_NAMES=CONTROLLER \
  swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/bitnami/kafka:3.3
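The three Kafka setups on this page (the server.properties fragment used to turn authentication off, the docker-compose SCRAM-SHA-512 setup and the docker run SASL/PLAIN setup) all hinge on the same three settings: listeners, listener.security.protocol.map and inter.broker.listener.name. The script below is an added example, not part of the original post and not code from the Bitnami image or the Kafka project. It normalises either server.properties lines or Bitnami-style KAFKA_CFG_* assignments (the KAFKA_CFG_FOO_BAR to foo.bar mapping is Bitnami's documented convention) into Kafka property names, checks that every referenced listener is declared and mapped, and flags listeners that run PLAINTEXT (no authentication, no encryption) or SASL_PLAINTEXT (authenticated, but credentials and data cross the wire unencrypted). The sample inputs are constructed copies of the values shown on this page plus a hardened SASL_SSL variant for comparison.

```python
"""Added example: consistency and exposure check for Kafka listener settings.

Accepts server.properties lines as well as Bitnami-style KAFKA_CFG_* assignments
as they appear in docker-compose 'environment:' lists or 'docker run -e' lines.
"""

# Listener names Kafka accepts without an explicit listener.security.protocol.map entry.
BUILTIN_PROTOCOLS = {"PLAINTEXT", "SSL", "SASL_PLAINTEXT", "SASL_SSL"}

# Protocols that leave traffic unencrypted on the wire.
WEAK = {
    "PLAINTEXT": "no authentication and no encryption",
    "SASL_PLAINTEXT": "SASL authentication but no transport encryption",
}


def parse_config(lines):
    """Normalise properties / KAFKA_CFG_* lines into a dict keyed by Kafka property name."""
    props = {}
    for raw in lines:
        line = raw.split("#", 1)[0].strip()   # drop comments and trailing notes
        line = line.rstrip("\\").strip()       # drop shell line continuations
        for prefix in ("- ", "-e "):           # compose list item / docker run flag
            if line.startswith(prefix):
                line = line[len(prefix):].strip()
        if "=" not in line:
            continue
        key, value = line.split("=", 1)
        key = key.strip()
        if key.startswith("KAFKA_CFG_"):
            key = key[len("KAFKA_CFG_"):].lower().replace("_", ".")  # Bitnami convention
        props[key] = value.strip()
    return props


def listener_names(value):
    """'CLIENT://:9092,CONTROLLER://:9093' -> ['CLIENT', 'CONTROLLER']"""
    return [p.split("://", 1)[0].strip() for p in value.split(",") if p.strip()]


def protocol_map(value):
    """'CLIENT:PLAINTEXT,CONTROLLER:PLAINTEXT' -> {'CLIENT': 'PLAINTEXT', 'CONTROLLER': 'PLAINTEXT'}"""
    pairs = (p.split(":", 1) for p in value.split(",") if ":" in p)
    return {name.strip(): proto.strip() for name, proto in pairs}


def check_listeners(props):
    """Return human-readable findings; an empty list means nothing was flagged."""
    findings = []
    names = listener_names(props.get("listeners", ""))
    pmap = protocol_map(props.get("listener.security.protocol.map", ""))
    controllers = {c.strip() for c in props.get("controller.listener.names", "").split(",") if c.strip()}
    inter_broker = props.get("inter.broker.listener.name")

    if inter_broker and inter_broker not in names:
        findings.append(f"inter.broker.listener.name={inter_broker} is not a declared listener")
    for ctl in sorted(controllers):
        if ctl not in names:
            findings.append(f"controller listener {ctl} is not a declared listener")

    for name in names:
        proto = pmap.get(name, name if name in BUILTIN_PROTOCOLS else None)
        if proto is None:
            findings.append(f"listener {name} has no entry in listener.security.protocol.map")
            continue
        if name in controllers:
            continue  # quorum traffic between controllers, not a client entry point
        if proto in WEAK:
            role = "inter-broker" if name == inter_broker else "client"
            findings.append(f"{role} listener {name} uses {proto}: {WEAK[proto]}")
    return findings


# Constructed samples mirroring the values shown on this page.
SERVER_PROPERTIES = [
    "# Listeners configuration",
    "listeners=CLIENT://:9092,INTERNAL://:9094,CONTROLLER://:9093",
    "listener.security.protocol.map=CLIENT:PLAINTEXT,INTERNAL:PLAINTEXT,CONTROLLER:PLAINTEXT",
    "process.roles=controller,broker",
    "#node.id=",
    "controller.listener.names=CONTROLLER",
    "inter.broker.listener.name=INTERNAL",
]
COMPOSE_ENV = [
    "- KAFKA_CFG_LISTENERS=CLIENT://:9092,CONTROLLER://:9093",
    "- KAFKA_CFG_LISTENER_SECURITY_PROTOCOL_MAP=CONTROLLER:PLAINTEXT,CLIENT:SASL_PLAINTEXT",
    "- KAFKA_CFG_CONTROLLER_LISTENER_NAMES=CONTROLLER",
    "- KAFKA_CFG_INTER_BROKER_LISTENER_NAME=CLIENT",
    "- KAFKA_CFG_MESSAGE_MAX_BYTES=104857600 # maximum message size: 100MB",
]
DOCKER_RUN_ENV = [
    "-e KAFKA_CFG_LISTENERS=SASL_PLAINTEXT://:9092,CONTROLLER://:9093 \\",
    "-e KAFKA_CFG_LISTENER_SECURITY_PROTOCOL_MAP=SASL_PLAINTEXT:SASL_PLAINTEXT,CONTROLLER:PLAINTEXT \\",
    "-e KAFKA_CFG_INTER_BROKER_LISTENER_NAME=SASL_PLAINTEXT \\",
    "-e KAFKA_CFG_CONTROLLER_LISTENER_NAMES=CONTROLLER \\",
]
# Hardened variant (constructed): every listener carries TLS, clients also authenticate via SASL.
HARDENED_ENV = [
    "- KAFKA_CFG_LISTENERS=CLIENT://:9092,INTERNAL://:9094,CONTROLLER://:9093",
    "- KAFKA_CFG_LISTENER_SECURITY_PROTOCOL_MAP=CLIENT:SASL_SSL,INTERNAL:SASL_SSL,CONTROLLER:SSL",
    "- KAFKA_CFG_CONTROLLER_LISTENER_NAMES=CONTROLLER",
    "- KAFKA_CFG_INTER_BROKER_LISTENER_NAME=INTERNAL",
]

if __name__ == "__main__":
    for label, sample in [("server.properties", SERVER_PROPERTIES), ("docker-compose", COMPOSE_ENV),
                          ("docker run", DOCKER_RUN_ENV), ("hardened", HARDENED_ENV)]:
        print(f"[{label}]")
        for finding in check_listeners(parse_config(sample)) or ["no findings"]:
            print("  " + finding)
```

Run it as-is to see the page's three configurations flagged and the SASL_SSL variant pass; to check a live deployment, feed it the output of the container's server.properties or the environment block of the manifest instead of the constructed samples. Note that `process.roles` is only listed in the samples so the parser demonstrably ignores settings it does not check.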
es
[root@iluvatar-node-1 zzy]# helm install my-elasticsearch elastic/elasticsearch --version 8.5.1 -n wwmonitor
NAME: my-elasticsearch
LAST DEPLOYED: Thu May 23 18:43:10 2024
NAMESPACE: wwmonitor
STATUS: deployed
REVISION: 1
NOTES:
1. Watch all cluster members come up.
$ kubectl get pods --namespace=wwmonitor -l app=elasticsearch-master -w
2. Retrieve elastic user's password.
$ kubectl get secrets --namespace=wwmonitor elasticsearch-master-credentials -ojsonpath='{.data.password}' | base64 -d
3. Test cluster health using Helm test.
$ helm --namespace=wwmonitor test my-elasticsearch
redis
[root@iluvatar-node-1 ~]# helm install my-redis bitnami/redis --version 19.4.0 -n wwmonitor
NAME: my-redis
LAST DEPLOYED: Thu May 23 18:44:51 2024
NAMESPACE: wwmonitor
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
CHART NAME: redis
CHART VERSION: 19.4.0
APP VERSION: 7.2.5
** Please be patient while the chart is being deployed **
Redis® can be accessed on the following DNS names from within your cluster:
my-redis-master.wwmonitor.svc.cluster.local for read/write operations (port 6379)
my-redis-replicas.wwmonitor.svc.cluster.local for read-only operations (port 6379)
To get your password run:
export REDIS_PASSWORD=$(kubectl get secret --namespace wwmonitor my-redis -o jsonpath="{.data.redis-password}" | base64 -d)
To connect to your Redis® server:
1. Run a Redis® pod that you can use as a client:
kubectl run --namespace wwmonitor redis-client --restart='Never' --env REDIS_PASSWORD=$REDIS_PASSWORD --image docker.io/bitnami/redis:7.2.5-debian-12-r0 --command -- sleep infinity
Use the following command to attach to the pod:
kubectl exec --tty -i redis-client \
--namespace wwmonitor -- bash
2. Connect using the Redis® CLI:
REDISCLI_AUTH="$REDIS_PASSWORD" redis-cli -h my-redis-master
REDISCLI_AUTH="$REDIS_PASSWORD" redis-cli -h my-redis-replicas
To connect to your database from outside the cluster execute the following commands:
kubectl port-forward --namespace wwmonitor svc/my-redis-master 6379:6379 &
REDISCLI_AUTH="$REDIS_PASSWORD" redis-cli -h 127.0.0.1 -p 6379
WARNING: There are "resources" sections in the chart not set. Using "resourcesPreset" is not recommended for production. For production installations, please set the following values according to your workload needs:
- replica.resources
- master.resources
+info https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
This post is licensed under CC BY 4.0 by the author.